Red Hat hit by npm supply‑chain attack - here's how to stay safe
Red Hat has experienced a significant npm supply-chain attack, compromising numerous JavaScript packages. The breach involved credential-stealing malware that targeted secrets within Red Hat's development systems. Security experts are advising users to check their npm packages for vulnerabilities and assume that any installed affected versions may have exposed sensitive credentials.
- Red Hat was the victim of an npm security breach involving credential-stealing malware.
- The attack compromised 96 versions across 32 packages in the @redhat-cloud-services namespace.
- Malicious code was injected via a compromised GitHub account, affecting the build process of Red Hat products.
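A lockfile check for the @redhat-cloud-services namespace named above, as an added example that is not from the article or from Red Hat. The function names and sample lockfiles are constructed, and the list of affected versions (not given on this page) has to come from the vendor's advisory.

```javascript
// Added example: names and versions in the sample lockfiles are constructed.
const SCOPE = "@redhat-cloud-services/";

// lockfileVersion 2/3: flat "packages" map keyed by install path,
// e.g. "node_modules/a/node_modules/@scope/name"; "" is the root project.
function fromPackages(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue;
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (name.startsWith(SCOPE)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree keyed by package name.
function fromDependencies(deps = {}, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps)) {
    const here = [...trail, name];
    if (name.startsWith(SCOPE)) hits.push({ name, version: meta.version, path: here.join(" > ") });
    hits.push(...fromDependencies(meta.dependencies, here));
  }
  return hits;
}

// v2 lockfiles carry both sections; prefer "packages" to avoid duplicates.
function findScopedPackages(lock) {
  return lock.packages ? fromPackages(lock.packages) : fromDependencies(lock.dependencies);
}

const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-dep": { version: "1.3.0" },
  "node_modules/@redhat-cloud-services/example-lib": { version: "0.0.1" },
  "node_modules/ui-kit/node_modules/@redhat-cloud-services/example-lib": { version: "0.0.2" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "ui-kit": { version: "2.0.0", dependencies: {
    "@redhat-cloud-services/example-lib": { version: "0.0.2" },
  } },
} };

console.log(findScopedPackages(sampleV3), findScopedPackages(sampleV1));
```

To scan a real project, pass the parsed contents of `package-lock.json` to `findScopedPackages` and compare each reported version against the advisory; nested paths show which direct dependency pulled the package in.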
Opening excerpt (first ~120 words)

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it.

Written by Steven Vaughan-Nichols, Senior Contributing Editor. June 3, 2026 at 8:33 a.m. PT

ZDNET's key takeaways
- Red Hat was the victim of an npm security breach.
- The company has removed the affected packages.
- Check whether you use @redhat-cloud-services npm namespace.

The npm repository namespace -- the JavaScript runtime environment Node.js package manager -- is infamous for security breaches.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at ZDNet.